Reputation: 31
password encryption in parse
As parse.com is shutting down its services, I have to migrate to mysql as of now. But I can't seem to get its password generation method.
Sample password is:
"$2a$10$oNQjqXhZjWHVb.ock1Lfs.D4yeHhtaEFdiuHNIkSsambfsSCix/96"
I read few sources and got that it uses bcrypt for password generation with cost as 10. Still I am not able to get the concept and implement the same in PHP(in which I am building my APIs for my app).
Below is the link for the same, which I came across:
What column type/length should I use for storing a Bcrypt hashed password in a Database?
Can anyone please help me build the same password generation method in php so that I don't loose out on my existing app users (I need to verify password for login and as well as generate one upon registration).
Thanks in advance!
Upvotes: 1
Views: 1698
Answers (1)
Reputation: 2837
You should use password_verify():
$hash = '$2a$10$oNQjqXhZjWHVb.ock1Lfs.D4yeHhtaEFdiuHNIkSsambfsSCix/96'; // e.g. coming from database
$userInput = isset($_POST['password']) ? $_POST['password'] : null; // coming from user input form
if (password_verify($userInput, $hash)) {
// user password valid
}
else {
// user password invalid
}
Upvotes: 2
Related Questions
- PHP parse/syntax errors; and how to solve them
- How do you parse and process HTML/XML in PHP?
- Preferred method to store PHP arrays (json_encode vs serialize)
- migrating b-crypt hashed passwords from Ruby on Rails to Wordpress
- spring security Encoded password does not look like BCrypt
- How to get plaintext from hashed text?
- Play 2.1, BCrypt: hash yml password attribute before yml-parser generates User object and inserts password value
- PHP & MYSQL: using bcrypt hash and verifying password with database
- Compare BCrypt-ed password from mobile app